Configuration for svn+ssh repository
143 views
Skip to first unread message
Jim Lloyd
Oct 31, 2008, 12:32:41 PM10/31/08
to revie...@googlegroups.com
Hi,
I've spent the last couple days installing and configuring reviewboard for the first time. We use a subversion repository and developers use the svn+ssh access method. My initial attempts to configure reviewboard to use svn+ssh failed. I was able to submit a change with post-review, and see that a review record had been created in reviewboard, but reviewboard failed to retrieve the diff. I experimented a bit with my configuration settings, but eventually I did the workaround of configuring the apache/mod_dav_svn access for our repository, supporting read-only operations, and then configured reviewboard to access the repository via http. This allowed reviewboard to get the base revision, and I concluded that I was done.
However, a new post-review now gives the error:
Error creating review request: The repository path specified is not in the list of known repositories (code 206)
I'd appreciate it if someone could give some authoritative answers to what are hopefully trivial questions:
Jim
I've spent the last couple days installing and configuring reviewboard for the first time. We use a subversion repository and developers use the svn+ssh access method. My initial attempts to configure reviewboard to use svn+ssh failed. I was able to submit a change with post-review, and see that a review record had been created in reviewboard, but reviewboard failed to retrieve the diff. I experimented a bit with my configuration settings, but eventually I did the workaround of configuring the apache/mod_dav_svn access for our repository, supporting read-only operations, and then configured reviewboard to access the repository via http. This allowed reviewboard to get the base revision, and I concluded that I was done.
However, a new post-review now gives the error:
Error creating review request: The repository path specified is not in the list of known repositories (code 206)
I'd appreciate it if someone could give some authoritative answers to what are hopefully trivial questions:
- Does reviewboard work fine with just svn+ssh access?
- If so, I'd like to create a 'reviewboad' account that reviewboard will use as its identity when performing any svn operations. Can this account work with read-only access to the repostitory?
- In the repositories configuration, for an svn+ssh repository, the password should be the unix login password for the reviewboard userid, correct?
- The password seems to be stored in plain text. Is there a more secure setup available, perhaps using ssh PubkeyAuthentication?
- In the repositories configuration, there is a field labelled "Mirror path:". Can I use this to allow both svn+ssh and http access to the same repository?
Jim
Jim Lloyd
Oct 31, 2008, 1:12:14 PM10/31/08
to revie...@googlegroups.com
FYI, I changed my configuration back to svn+ssh, with a 'reviewboard' user and password. I was able to submit a change with post-review, and see the new review request in reviewboard. But when I click through to see the diff, reviewboard shows me this stack crawl:
Traceback (most recent call last):Jim
File "/home/jim/rb/reviewboard/diffviewer/views.py", line 86, in view_diff
files = get_diff_files(diffset, None, interdiffset, highlighting)
File "/home/jim/rb/reviewboard/diffviewer/diffutils.py", line 654, in get_diff_files
enable_syntax_highlighting)
File "/home/jim/rb/reviewboard/diffviewer/diffutils.py", line 573, in generate_files
large_data=True)
File "/home/jim/rb/reviewboard/djblets/util/misc.py", line 142, in cache_memoize
data = lookup_callable()
File "/home/jim/rb/reviewboard/diffviewer/diffutils.py", line 572, in <lambda>
enable_syntax_highlighting),
File "/home/jim/rb/reviewboard/diffviewer/diffutils.py", line 338, in get_chunks
old = get_original_file(filediff)
File "/home/jim/rb/reviewboard/diffviewer/diffutils.py", line 245, in get_original_file
large_data=True)[0]
File "/home/jim/rb/reviewboard/djblets/util/misc.py", line 142, in cache_memoize
data = lookup_callable()
File "/home/jim/rb/reviewboard/diffviewer/diffutils.py", line 244, in <lambda>
data = cache_memoize(key, lambda: [fetch_file(file, revision)],
File "/home/jim/rb/reviewboard/diffviewer/diffutils.py", line 224, in fetch_file
data = tool.get_file(file, revision)
File "/var/www/reviewboard/scmtools/svn.py", line 115, in get_file
raise SCMError(e)
SCMError: Connection closed unexpectedly
Christian Hammond
Nov 2, 2008, 1:53:05 AM11/2/08
to revie...@googlegroups.com
Hi Jim.
Comments inline.
Review Board never writes to the repository in any way, so a read-only account would work fine. Though, if there's anonymous access to the repository, that often works better.
Comments inline.
On Fri, Oct 31, 2008 at 9:32 AM, Jim Lloyd <jim....@gmail.com> wrote:
Hi,
I've spent the last couple days installing and configuring reviewboard for the first time. We use a subversion repository and developers use the svn+ssh access method. My initial attempts to configure reviewboard to use svn+ssh failed. I was able to submit a change with post-review, and see that a review record had been created in reviewboard, but reviewboard failed to retrieve the diff. I experimented a bit with my configuration settings, but eventually I did the workaround of configuring the apache/mod_dav_svn access for our repository, supporting read-only operations, and then configured reviewboard to access the repository via http. This allowed reviewboard to get the base revision, and I concluded that I was done.
However, a new post-review now gives the error:
Error creating review request: The repository path specified is not in the list of known repositories (code 206)
I'd appreciate it if someone could give some authoritative answers to what are hopefully trivial questions:
- Does reviewboard work fine with just svn+ssh access?
It should, yes.
- If so, I'd like to create a 'reviewboad' account that reviewboard will use as its identity when performing any svn operations. Can this account work with read-only access to the repostitory?
Review Board never writes to the repository in any way, so a read-only account would work fine. Though, if there's anonymous access to the repository, that often works better.
- In the repositories configuration, for an svn+ssh repository, the password should be the unix login password for the reviewboard userid, correct?
Correct.
- The password seems to be stored in plain text. Is there a more secure setup available, perhaps using ssh PubkeyAuthentication?
Yes, unfortunately it is stored in plain text. What you should be able to do is sudo to the user that the web server runs as, generate a public/private key, and then configure the server to give that key access without requiring a password. Assuming you have complete control as to what's running on your system, that should be fine. If you lock down this user on the server and on the repository, even better.
- In the repositories configuration, there is a field labelled "Mirror path:". Can I use this to allow both svn+ssh and http access to the same repository?
Yeah. What basically happens is that Review Board will check either the main repository path or the mirror path when looking up a repository (say, from post-review), but will use the mirror path (if set) for the actual calls to the server. (Why it uses the mirror path and not the main one, I don't recall anymore -- I think it was due to how we had things set up at VMware originally to work around something).
So you can set the mirror path to be https, and then use svn+ssh for the main repository path, and post-review will verify the local user's svn+ssh path against that.
Christian
So you can set the mirror path to be https, and then use svn+ssh for the main repository path, and post-review will verify the local user's svn+ssh path against that.
Christian
Christian Hammond
Nov 2, 2008, 1:54:33 AM11/2/08
to revie...@googlegroups.com
Shame we don't have more information on what caused that Connection Closed. I'd verify that the web server's user can do a checkout using your new reviewboard user. Maybe it needs to accept the server's key first. I don't know that we have any control over that with pysvn, but I'll look into it.
Christian
--
Christian Hammond - chi...@chipx86.com
VMware, Inc.
Christian
--
Christian Hammond - chi...@chipx86.com
VMware, Inc.
Russell Bryant
Nov 3, 2008, 5:28:43 PM11/3/08
to reviewboard
On Nov 2, 12:53 am, "Christian Hammond" <chip...@chipx86.com> wrote:
> Yeah. What basically happens is that Review Board will check either the
>
> main repository path or the mirror path when looking up a repository (say,
> from post-review), but will use the mirror path (if set) for the actual
> calls to the server. (Why it uses the mirror path and not the main one, I
> don't recall anymore -- I think it was due to how we had things set up at
> VMware originally to work around something).
have a repository set up with the main path as https://origsvn..., as
that is where all of my checkouts will be from. Then, I set my mirror
path to be http://svn..., since that is the public mirror that
reviewboard actually has access to. post-review from my https://
checkout works fine, but viewing the diff does not work. It looks
like it's making calls to the server using the main repo path instead
of the mirror path. Here is the trace. I'll see if I can figure out
what to change in the code in the meantime ...
PROPFIND request failed on '/svn/asterisk/trunk/apps/app_rpt.c'
PROPFIND of '/svn/asterisk/trunk/apps/app_rpt.c': SSL negotiation
failed: SSL error: sslv3 alert handshake failure (https://
origsvn.digium.com)
Traceback (most recent call last):
in view_diff
files = get_diff_files(diffset, None, interdiffset, highlighting)
File "/home/russell/src/reviewboard/diffviewer/diffutils.py", line
files = get_diff_files(diffset, None, interdiffset, highlighting)
654, in get_diff_files
enable_syntax_highlighting)
File "/home/russell/src/reviewboard/diffviewer/diffutils.py", line
573, in generate_files
large_data=True)
File "/home/russell/src/reviewboard/djblets/util/misc.py", line 142,
in cache_memoize
data = lookup_callable()
File "/home/russell/src/reviewboard/diffviewer/diffutils.py", line
data = lookup_callable()
572, in <lambda>
enable_syntax_highlighting),
File "/home/russell/src/reviewboard/diffviewer/diffutils.py", line
338, in get_chunks
old = get_original_file(filediff)
File "/home/russell/src/reviewboard/diffviewer/diffutils.py", line
old = get_original_file(filediff)
245, in get_original_file
large_data=True)[0]
File "/home/russell/src/reviewboard/djblets/util/misc.py", line 142,
large_data=True)[0]
in cache_memoize
data = lookup_callable()
File "/home/russell/src/reviewboard/diffviewer/diffutils.py", line
data = lookup_callable()
244, in <lambda>
data = cache_memoize(key, lambda: [fetch_file(file, revision)],
File "/home/russell/src/reviewboard/diffviewer/diffutils.py", line
data = cache_memoize(key, lambda: [fetch_file(file, revision)],
224, in fetch_file
data = tool.get_file(file, revision)
File "/home/russell/src/reviewboard/scmtools/svn.py", line 115, in
data = tool.get_file(file, revision)
get_file
raise SCMError(e)
SCMError: PROPFIND request failed on '/svn/asterisk/trunk/apps/
app_rpt.c'
PROPFIND of '/svn/asterisk/trunk/apps/app_rpt.c': SSL negotiation
failed: SSL error: sslv3 alert handshake failure (https://
origsvn.digium.com)
--
Russell Bryant
Russell Bryant
Nov 3, 2008, 5:47:12 PM11/3/08
to reviewboard
On Nov 3, 4:28 pm, Russell Bryant <russell.bry...@gmail.com> wrote:
> On Nov 2, 12:53 am, "Christian Hammond" <chip...@chipx86.com> wrote:
>
> > Yeah. What basically happens is that Review Board will check either the
>
> > main repository path or the mirror path when looking up a repository (say,
> > from post-review), but will use the mirror path (if set) for the actual
> > calls to the server. (Why it uses the mirror path and not the main one, I
> > don't recall anymore -- I think it was due to how we had things set up at
> > VMware originally to work around something).
>
> Hm. I'm having trouble getting it to actually behave this way. I
> that is where all of my checkouts will be from. Then, I set my mirror
> path to behttp://svn..., since that is the public mirror that
> reviewboard actually has access to. post-review from my https://
> checkout works fine, but viewing the diff does not work. It looks
> like it's making calls to the server using the main repo path instead
> of the mirror path. Here is the trace. I'll see if I can figure out
> what to change in the code in the meantime ...
I was able to get this fixed with the help of Christian on IRC. All I
> checkout works fine, but viewing the diff does not work. It looks
> like it's making calls to the server using the main repo path instead
> of the mirror path. Here is the trace. I'll see if I can figure out
> what to change in the code in the meantime ...
did was swap my settings for the main and mirror paths. It turns out
that reviewboard will always use the _main_ path to access the
repository, not the mirror path, as mentioned before. I'll see if I
can find a logical place on the wiki to add this information ...
Jim Lloyd
Nov 3, 2008, 6:44:30 PM11/3/08
to revie...@googlegroups.com
Christian & Russell: thanks for investigating this issue. I now have a working configuration. I'm using http (not https) for the main path, and svn+ssh for the mirror path. Post-review works for checkouts done using svn+ssh, and diffs now work without error. With this setup I don't need to specify a user & password, and my http server is on a private network behind a firewall, configured for read-only operations, so I'm satsified with the security considerations.
Thanks!
Jim
Christian Hammond
Nov 3, 2008, 8:14:55 PM11/3/08
to revie...@googlegroups.com
Excellent! Glad it's working Jim :)
Reply all
Reply to author
Forward
0 new messages